diff --git a/load-responses.php b/load-responses.php
index a69c526..888848f 100644
--- a/load-responses.php
+++ b/load-responses.php
@@ -6,7 +6,8 @@ require_once __DIR__ . "/db.php";
 header("Content-Type: application/json");
 // Get user token from session or URL
-$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null;
+$userToken = $_GET['token'] ?? null;
+
 if (!$userToken) {
 http_response_code(403);
@@ -24,7 +25,7 @@ if ($conn->connect_error) {
 }
 // Fetch user ID using token
-$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?");
+$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
 $stmt->bind_param("s", $userToken);
 $stmt->execute();
 $result = $stmt->get_result();
@@ -34,8 +35,16 @@ if (!$user) {
 echo json_encode(["error" => "Invalid authentication token."]);
 exit;
 }
+// Check if token is expired
+if (strtotime($user['token_expires_at']) < time()) {
+ http_response_code(403);
+ echo json_encode(["error" => "Authentication token has expired."]);
+ exit;
+}
+
 $userId = $user['id'];
+
 // Fetch saved responses
 $stmt = $conn->prepare("SELECT * FROM questionnaire_responses WHERE user_id = ?");
 $stmt->bind_param("i", $userId);
diff --git a/submit.php b/submit.php
index afd3673..e6def61 100644
--- a/submit.php
+++ b/submit.php
@@ -13,7 +13,8 @@ if ($_SERVER["REQUEST_METHOD"] !== "POST") {
 }
 // Get user token from session or URL (whichever is applicable)
-$userToken = $_SESSION['user_token'] ?? $_GET['token'] ?? null;
+$userToken = $_POST['token'] ?? null;
+
 if (!$userToken) {
 http_response_code(403);
@@ -30,7 +31,8 @@ if ($conn->connect_error) {
 }
 // Get user ID from token
-$stmt = $conn->prepare("SELECT id FROM users WHERE auth_token = ?");
+$stmt = $conn->prepare("SELECT id, token_expires_at FROM users WHERE auth_token = ?");
+
 $stmt->bind_param("s", $userToken);
 $stmt->execute();
 $result = $stmt->get_result();
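Review bot: With the session fallback removed, `$_GET['token']` is the only credential path left in load-responses.php, so the token travels in the query string where it ends up in access logs, browser history and any Referer header the page emits; reading it from the `Authorization` header (`$_SERVER['HTTP_AUTHORIZATION']`) with the query parameter as a transitional fallback would keep it out of those places. The guard `if (!$userToken)` is a truthiness test, so a token whose value is `"0"` is refused as missing; `if ($userToken === null || $userToken === '')` expresses the intended check. The comment above the assignment still says "from session or URL" and should describe the new single source, e.g. `// Get user token from the URL query string`. submit.php's first hunk carries the same truthiness guard.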
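Review bot: The new expiry check compares `strtotime($user['token_expires_at'])` with `time()`, which is only correct when the stored string is in PHP's default timezone; if the column holds UTC DATETIME values and `date.timezone` is set to something else (the hunk cannot show this), the expiry window is shifted by that offset. A NULL or unparseable value makes `strtotime` return `false`, which PHP 8 orders below any positive int, so such rows are rejected as expired — fail-closed, but only by accident and with a deprecation notice for the null argument. Making it explicit, e.g. `$expiresAt = strtotime((string) $user['token_expires_at']);` followed by `if ($expiresAt === false || $expiresAt < time()) {`, or moving the test into the query (`AND token_expires_at > NOW()`) so both timestamps come from the database clock, removes the ambiguity. The same block is added in submit.php's last hunk; both files appear to include db.php (visible in this file's first hunk header, assumed for submit.php), so a shared helper there would stop the two copies drifting apart.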
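Review bot: The comment `// Get user token from session or URL (whichever is applicable)` is now wrong for the line beneath it, which reads only `$_POST['token']`; change it to `// Get user token from the POST body`. The two endpoints now take the same credential from different places (query string in load-responses.php, form body here), which every client has to special-case; one shared source, preferably the `Authorization` header, is easier to reason about and to log safely. If a client sends a non form-encoded body, `$_POST` is empty and the request is refused with 403 — whether that matters depends on the client, which the hunk does not show.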
@@ -40,8 +42,16 @@ if (!$user) {
 echo json_encode(["error" => "Invalid authentication token."]);
 exit;
 }
+// Check if token is expired
+if (strtotime($user['token_expires_at']) < time()) {
+ http_response_code(403);
+ echo json_encode(["error" => "Authentication token has expired."]);
+ exit;
+}
+
 $userId = $user['id'];
+
 // Extract & sanitize input
 function sanitize($value) {
 return htmlspecialchars(strip_tags(trim($value)));